Despite increasing innovations with respect to security, malicious data actions continue to occur. Data may be modified and/or deleted in unauthorized ways. For example, data may be modified at a time during a workflow that does not accord with a usage control or policy. Such actions can disturb workflows dependent on the data. Thus, improved monitoring and countermeasures are needed to improve data and information security.